SACRAMENTO — The new year rang in 13 new privacy laws that were passed by the Legislature and signed by Governor Schwarzenegger in 2005 to help protect California consumers. New laws ban "phishing," increase the penalties for "spamming," and provide greater protections against the abuse of a person's financial or personal information.

"Make sure that stealing your personal information wasn't the good fortune of identity thieves over the holidays," warns Charlene Zettel, Director of the Department of Consumer Affairs. "Our upbeat holiday shopping season may be winding down, but now is the time to stay alert and prevent yourself from becoming a victim."

Zettel also urged consumers to start some good habits. "It is important to monitor your monthly statements and immediately report any unknown charges or accounts you did not open," she continued.

New laws include:

Data Collection/Use Limits

AB 361 (Runner) — Notaries Public: This law makes it a misdemeanor for notaries to willfully fail to perform duties and clarifies that the crime of forgery includes falsifying an acknowledgement of a notary. See Civil Code §1189, Government Code §§8225, 8214.8 and 8228.1, and Penal Code §470.

AB 1517 (Runner) — Department of Managed Health Care Employee Background Checks: This law permits DMHC to conduct criminal background checks on prospective employees who would have access to medical information. It also requires DMHC to conduct criminal background checks on contractors with access to medical records. See Government Code §1041.

AB 1527 (Liu) — Identity Theft — Bank Account Numbers: This law prohibits a depository institution, as defined, from using an account number previously held by a different customer until three years after the account was closed. See Financial Code §4100.

AB 1595 (Evans, Spitzer) — Privacy — Public Officials: This law prohibits a person, business or association from posting or displaying, on the Internet, the home address or telephone number of any elected or appointed official if that official has made a written demand not to disclose his or her information. It limits the liability of an interactive computer service or access provider under these provisions. It also adds to the list of elected or appointed officials covered by all of the foregoing provisions state administrative law judges, federal judges, and federal defenders, Members of the United States Congress, and appointees of the President. See Government Code §6254.21.

SB 13 (Bowen) — Personal Information for Research, State Agencies: This law amends the Information Practices Act, a comprehensive privacy law that applies to state agencies. It authorizes a state agency to disclose personal information for certain research purposes to the University of California or a nonprofit educational institution only if the request is approved by the Committee for the Protection of Human Subjects for the California Health and Human Services Agency. The law also establishes criteria for the review and approval of the request. See Civil Code §1798.24, Welfare & Institutions Code §10850.

SB 158 (Machado) — Powers of Attorney — Social Security Numbers: This law deletes the SSN line from the statutory form to be used for granting power of attorney and also requires the inclusion of a statement on the form that a third party may seek identification. See Probate Code §4401.

Identity Theft

AB 988 (Bogh) — Identity Theft — Criminal Profiteering: This law adds "the theft of personal identifying information" to the offenses specified as criminal profiteering activity and patterns of criminal profiteering activity. See Penal Code §186.2.

AB 1069 (Montanez) — Identity Theft: This law prohibits the possession of document-making devices with intent to use them to manufacture, alter, or authenticate a deceptive identification document. It also includes, in the definition of "deceptive identification document," documents not used by a government agency of a foreign government, an international government or an international quasi-governmental organization. A conviction is punishable by up to one year in county jail and/or a fine of up to $1,000. See Penal Code §483.5.

AB 1566 (Calderon) — Identity Theft — Penalties for Armed Forces Victims: This law provides that identity theft involving the personal information of a member of the armed forces, reserve or National Guard, on active duty outside the state, is punishable by imprisonment for one year and/or a fine of up to $2,000. It also provides for ordering the defendant to make restitution to the victim for any economic loss. See Penal Code §530.5.

SB 460 (Margett) — Offender Access to Personal Information: This law expands existing law to prohibit any county jail or state prison inmate from having any job that provides access to personal information. See Penal Code §§4017.1 and 5017.

Online Privacy

SB 355 (Murray) — Anti-Phishing Act of 2005: This law makes it unlawful for any person to solicit, request, or take any action to induce another person, through electronic means, to provide identifying information by representing itself to be a business without the approval or authority of the business. It provides civil remedies and penalties for violation. See Business & Professions Code §22948.2.

Unsolicited Communications

SB 97 (Murray) — Spam Penalties: This law provides that a violation of California's existing anti-spam law constitutes a misdemeanor. It authorizes a fine of up to $1,000 and/or imprisonment of up to six months. See Business & Professions §17529.5.

SB 833 (Bowen) — Unsolicited Advertising Faxes: This law makes it unlawful for a person or entity, if located in California or if the recipient is located in California, to send an unsolicited advertisement to a fax machine. The law authorizes the recipient of an unsolicited advertising fax to bring an action for a violation of these provisions for injunctive relief, actual damages, or damages of $500 per violation, whichever is greater, or both injunctive relief and damages. And, if the violation was willful, the law authorizes a court to award treble damages. The law also makes it unlawful for a person or entity, if located in California or if the recipient is located in California, to initiate a facsimile communication, unless the message is clearly marked with certain identifying information. See Business & Professions Code §7538.43.

The above laws represent those introduced from the previous and the current legislative sessions. Nearly two dozen pending pieces of privacy-related legislation will undergo legislative review in 2006. California was the first state to enact identity theft laws; nearly two dozen other states have since enacted similar laws. Additional information about California privacy law is available through the California Privacy Legislation link on www.privacy.ca.gov.

Coming Soon:

California's newest information and recommended practices on privacy protection will be available at the state's second identity theft summit, titled "Teaming Up Against Identity Theft: A Summit on Solutions." Workshops and training on how to fight back against this crime take place Thursday, February 23, 2006, at the Los Angeles Convention Center, along with an on-site Identity Theft Victim Clinic and Exposition. To learn more or to register for the one-day event, log onto www.idtheftsummit.ca.gov.

# # #